Opened 8 years ago
Last modified 8 years ago
#15020 new defect
Modifyvm --hardwareuuid does incorrect validation of input.
| Reported by: | mpack | Owned by: | |
|---|---|---|---|
| Component: | other | Version: | VirtualBox 5.0.12 |
| Keywords: | Cc: | ||
| Guest type: | all | Host type: | all |
Description
In order to help a user I tried to test the trick of fixing a VMs hardwareuuid using the VBoxManage "modifyvm --hardwareuuid" command.
First problem is that VBoxManage exited without giving an error message. If there is an error then it should give an error message. After a lot of double checking of syntax I finally guessed what the problem was.
VBoxManage wasn't letting me set a hardware UUID which conflicted with the VM UUID. Since these two UUIDs are in separate address spaces there should be no reason for this check.
To confirm that this check is unnecessary I used the command to set a non conflicting UUID, then edited the .VBox file to make it conflicting - with absolutely no ill effect. I then cloned the VM: the clone inherited the hardware uuid as intended, again with no ill effect.
Since this check blocks one of the obvious uses for this feature I would consider this an important error. Happily it must be trivial to fix.
No logs are attached, since I'm documenting a bug in VBoxManage, not describing a problem with a VM.
Change History (6)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
| priority: | blocker → minor |
|---|
comment:3 by , 8 years ago
Hi Frank. You want to check my syntax? Did you notice who was posting this? Well ok then.
I'm at work now and my test VM is at home, but the first thing I did was use the 5.0.12 GUI to clone my XP template VM. I called the clone something like "XP UUID Test". Then without launching it I issued the command "VBoxManage modifyvm "XP UUID Test" --hardwareuuid uuid" where uuid was carefully copied from the "<Machine " tag of the .vbox file. Note that my first attempt did not wrap "uuid" in {} braces since I assumed the parameter was an abitrary string, not necessarily a UUID.
VBoxManage completed without error, but to my surprise it had made no change to the .vbox file (no change in timestamp, no appearance of .vbox-prev file).
Ok, I thought maybe it did need to be a correctly formatted UUID, so I tried again, same command but this time adding the {} braces. Exactly the same result as before.
p.s. I was doing all this in a Windows .BAT file so I could easily tweak the syntax without having to retype every time, nor could the syntax vary inadvertantly between tests.
Finally, I changed just the last digit of the UUID and ran the bat file again: this time it was instantly successful: .vbox-prev appeared in folder, time stamp on .vbox changed, and this time I could see the uuid field added to the "<Hardware " tag in the VBox file.
comment:4 by , 8 years ago
No, actually I didn't :-) But in particular I'm trying to find out the problem.
The value passed to VBoxManage modifyvm --hardwareuuid uuid is directly passed to VBoxSVC. If the UUID has the wrong format then VBoxSVC complains that the string cannot be convered to a UUID. Machine::setHardwareUUID() does not perform any check against another UUID. It only checks if the setting can be changed (VM not running etc), then it sets the hardware UUID if it's different than the VM UUID, otherwise the hardware UUID is set to 0.
It still would be nice to see what you did, otherwise I don't understand the problem. It could have something to do with cloning.
comment:5 by , 8 years ago
"then it sets the hardware UUID if it's different than the VM UUID"... I don't understand. You said it does no checking, but that sentence says that does do a check versus VM-UUID.
If I had to guess I'd say that your code says something like "if <new_hwuuid> != getCurrentHwUuid() then SetHwUuid(new_hwuuid). And your getCurrentHwUuid() function goes something like :- "if hwuuid=="" rslt=VmUuid else rslt=HwUuid. This logic has the subtle bug that I mentioned: if HwUuid is currently null then you can't explicitly make HwUuid equal VmUuid, which means that you can't prepare the VM for cloning in such a way that its DMI strings won't change. If there was any previous HwUuid or if new_HwUuid<>VmUuid then it would work.
I don't know how I can show you what I did any better than my previous description. I have the set of 3 .vbox files if you want them. AFAIK these actions are not logged anywhere in a persistent log are they?
comment:6 by , 8 years ago
The source code of Machine::setHardwareUUID() can be found at src/VBox/Main/src-server/MachineImpl.cpp line 1416. I cannot provide a link to the online browser because the file is too big to be opened directly. The check I'm talking about is at line 1428 but that isn't a validation check. The only validation check is done in the API wrapper code (auto-generated) when the Bstr is transformed to com::Guid. So I still don't know which check fails.
Feel free to attach the .vbox files. I still would like to see the command you executed together with the error message so I can reproduce the problem.
Please show the commands you attempted to execute and which of them failed. I just changed the hardware UUID of a VM and this worked as expected and I'm not aware of any check which prevents using an arbitrary hardware UUID. I use VBox 5.0.12.